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A taxonomy of computer program security flaws 

Carl E. Landwehr, Alan R. Bull, John P. McDermott, William S. Choi 

September 1994 ACM Computing Surveys (CSUR), volume 26 issue 3 

Publisher: ACM Press 

Additional Information: full citation , abstract , references , citings , index 
terms , review 



Full text available: * g) pdf(3.81 MB) 



An organized record of actual flaws can be useful to computer system designers, 
programmers, analysts, administrators, and users. This survey provides a taxonomy for 
computer program security flaws, with an Appendix that documents 50 actual security 
flaws. These flaws have all been described previously in the open literature, but in widely 
separated places. For those new to the field of computer security, they provide a good 
introduction to the characteristics of security flaws and how they ... 

Keywords: error/defect classification, security flaw, taxonomy 



Se parating key management from file system security 

David Mazieres, Michael Kaminsky, M. Frans Kaashoek, Emmett Witchel 

December 1999 ACM SIGOPS Operating Systems Review , Proceedings of the 

seventeenth ACM symposium on Operating systems principles SOSP 

'99, Volume 33 Issue 5 
Publisher: ACM Press 

Additional Information: full citation , abstract , references , citings , index 
terms 



Full text available: 1 



No secure network file system has ever grown to span the Internet. Existing systems all 
lack adequate key management for security at a global scale. Given the diversity of the 
Internet, any particular mechanism a file system employs to manage keys will fail to 
support many types of use. We propose separating key management from file system 
security, letting the world share a single global file system no matter how individuals 
manage keys. We present SFS, a secure file system that avoids internal ... 



Integrating security in a large distributed system 
M. Satyanarayanan 

August 1989 ACM Transactions on Computer Systems (TOCS), Volume 7 issue 3 
Publisher: ACM Press 
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Full text available: ^ pdf(2.90 MB) Additional Information: full citation , abstract , references , citings , index 

terms , review 

Andrew is a distributed computing environment that is a synthesis of the personal 
computing and timesharing paradigms. When mature, it is expected to encompass over 
5,000 workstations spanning the Carnegie Mellon University campus. This paper examines 
the security issues that arise in such an environment and describes the mechanisms that 
have been developed to address them. These mechanisms include the logical and physical 
separation of servers and clients, support for secure communication ... 

4 Cryptographic storage security: Secure capabilities for a petabyte-scale object-based |j| 

distributed file system 
Christopher Olson, Ethan L. Miller 

November 2005 Proceedings of the 2005 ACM workshop on Storage security and 

survivability StorageSS '05 
Publisher: ACM Press 

Full text available: ^| pdfd 99.37 KB) Additional Information: full citation , abstract , references , index terms 

Recently, the Network -Attached Secure Disk (NASD) model has become a more widely 
used technique for constructing large-scale storage systems. However, the security 
system proposed for NASD assumes that each client will contact the server to get a 
capability to access one object on a server. While this approach works well in smaller- 
scale systems in which each file is composed of a few objects, it fails for large-scale 
systems in which thousands of clients make accesses to a single file composed ... 

Keywords: capabilities, object-based storage, scalability 




Protecting applications with transient authentication 
Mark D. Corner, Brian D. Noble 

May 2003 Proceedings of the 1st international conference on Mobile systems, 

applications and services MobiSys '03 
Publisher: ACM Press 

Full text available: 'g pdf(294.40 KB) Additional Information: full citation , abstract , references 

How does a machine know who is using it? Current systems authenticate their users 
infrequently, and assume the user's identity does not change. Such persistent 
authentication is inappropriate for mobile and ubiquitous systems, where associations 
between people and devices are fluid and unpredictable. We solve this problem with 
Transient Authentication, in which a small hardware token continuously authenticates the 
user's presence over a short-range, wireless link. We present the fo ... 

System support for pervasive applications 

Robert Grimm, Janet Davis, Eric Lemar, Adam Macbeth, Steven Swanson, Thomas Anderson, 

Brian Bershad, Gaetano Borriello, Steven Gribble, David Wetherall 

November 2004 ACM Transactions on Computer Systems (TOCS), Volume 22 issue 4 

Publisher: ACM Press 

Full text available: ^| pdfd .82 MB) Additional Information: full citation , abstract , references , index terms 

Pervasive computing provides an attractive vision for the future of computing. 
Computational power will be available everywhere. Mobile and stationary devices will 
dynamically connect and coordinate to seamlessly help people in accomplishing their 
tasks. For this vision to become a reality, developers must build applications that 
constantly adapt to a highly dynamic computing environment. To make the developers' 
task feasible, we present a system architecture for pervasive computing, called & ... 

Keywords: Asynchronous events, checkpointing, discovery, logic/operation pattern, 
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Distributed file systems: concepts and examples 
Eliezer Levy, Abraham Silberschatz 

December 1990 ACM Computing Surveys (CSUR), Volume 22 issue 4 
Publisher: ACM Press 

Full text available* fiFl Ddf(5 33 MB) Additional Information: full citation , abstract , references , citings , index 

terms, review 

The purpose of a distributed file system (DFS) is to allow users of physically distributed 
computers to share data and storage resources by using a common file system. A typical 
configuration for a DFS is a collection of workstations and mainframes connected by a 
local area network (LAN). A DFS is implemented as part of the operating system of each 
of the connected computers. This paper establishes a viewpoint that emphasizes the 
dispersed structure and decentralization of both data and con ... 

8 General storage protection techniques: Securing distributed storage: challenges, 
4k techniques, and systems 
Vishal Kher, Yongdae Kim 

November 2005 Proceedings of the 2005 ACM workshop on Storage security and 
survivability StorageSS '05 

Publisher: ACM Press 

Full text available: ^| pdf(294.61 KB) Additional Information: full citation , abstract , references , index terms 

The rapid increase of sensitive data and the growing number of government regulations 
that require longterm data retention and protection have forced enterprises to pay serious 
attention to storage security. In this paper, we discuss important security issues related 
to storage and present a comprehensive survey of the security services provided by the 
existing storage systems. We cover a broad range of the storage security literature, 
present a critical review of the existing solutions, compare ... 

Keywords: authorization, confidentiality, integrity, intrusion detection, privacy 



9 File servers for network-based distributed systems 
Liba Svobodova 

December 1984 ACM Computing Surveys (CSUR), volume 16 issue 4 
Publisher: ACM Press 

Full text available' t?) pdf(4 23 MB) Additional Information: full citation , references , citings , index terms . 
" ' review 



10 The internet worm program: an analysis 
A. Eugene H. Spafford 

>r January 1989 ACM SIGCOMM Computer Comm unication Review, Volume 19 issue i 
Publisher: ACM Press 

Full text available: pdf(2.45 MB) Additional Information: full citation , abstract , citings , index terms 

On the evening of 2 November 1988, someone infected the Internet with a worm 
program. That program exploited flaws in utility programs in systems based on BSD- 
derived versions of UNIX. The flaws allowed the program to break into those machines 
and copy itself, thus infecting those systems. This program eventually spread to 
thousands of machines, and disrupted normal activities and Internet connectivity for 
many days.This report gives a detailed description of the components of the ... 
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11 Regaining single sign-on taming the beast 
Divyangi Anchan, Mahmoud Pegah 

September 2003 Proceedings of the 31st annual ACM SIGUCCS conference on User 

services 
Publisher: ACM Press 

Full text available: ^|pdf(21 7.34 KB) Additional Information: full citation , abstract , references , index terms 

It has been our effort at Ringling school to provide our campus community with the 
capability to uniformly access resources across multiple platforms. Empowering the user 
with a single sign-on capability has multifold benefits. It greatly improves user experience 
and relieves the user from the burden of remembering multiple user-id and password 
pairs. On the administrative side, help desk costs are noticeably reduced and security 
improved, as users are not tempted to 'store' multiple passwords i ... 

Keywords: LDAP, RPC, account synchronization, active directory (AD), active directory 
service interfaces (ADSI), password synchronization, single sign-on 



12 Paranoid penguin: single sign-on and the corporate directory, Part I 
Ti Leggett 

December 2005 Linux Journal, Volume 2005 issue 140 
Publisher: Specialized Systems Consultants, Inc. 

Full text available: p8| html(22.58 KB) Additional Information: full citation , abstract , index terms 



13 On the influence of scale in a distributed system | 
M. Satyanarayanan 

April 1988 Proceedings of the 10th international conference on Software engineering 
Publisher: IEEE Computer Society Press 

_ I14 . ., , . « Additional Information: full citation , abstract , references , citings , index 

Full text available: W\ pdf(1.10 MB) 

^ terms 

Scale should be recognized as a primary factor influencing the architecture and 
implementation of distributed systems. This paper uses Andrew, a distributed 
environment at Carnegie Mellon University, to validate this proposition. The design of 
Andrew is dominated by considerations of performance, operability and security. Caching 
of information and placing trust in as few machines as possible emerge as two general 
principles that enhance scalability. The separation of concerns made possible ... 

14 Copyrights and access-rights: How DRM-based content delivery systems disrupt j 

^ expectations of "personal use" 

^ Deirdre K. Mulligan, John Han, Aaron J. Burstein 

October 2003 Proceedings of the 3rd ACM workshop on Digital rights management 
DRM '03 

Publisher: ACM Press 

Full text available-H Q pdf(416.68 KB) Additional Information: full citation , abstract, references, index terms , 
^ review 

We set out to examine whether current, DRM-based online offerings of music and movies 
accord with consumers' current expectations regarding the personal use of copyrighted 
works by studying the behavior of six music, and two film online distribution services. We 
find that, for the most part, the services examined do not accord with expectations of 
personal use. The DRM-based services studied restrict personal use in a manner 
inconsistent with the norms and expectations governing the purchase and ... 

Keywords: access control, content distribution, copyright, digital rights management, fair 
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15 Session 1: On instant messaging worms, analysis and countermeasures 
Mohammad Mannan, Paul C. van Oorschot 

November 2005 Proceedings of the 2005 ACM workshop on Rapid malcode WORM '05 
Publisher: ACM Press 

Full text available: ^) pdfd 86.53 KB) Additional Information: full citation , abstract , references , index terms 

We provide a collection of minor results on the area of Instant Messaging (IM) worms, 
which has received relatively little attention in the formal literature. We review selected 
IM worms and summarize their main characteristics, motivating a brief overview of the 
network formed by IM contact lists, and a discussion of theoretical consequences of 
worms in such networks. Existing methods to restrict an IM worm epidemic are analyzed 
in terms of usability and effectiveness, leading to the suggestion ... 

Keywords: instant messaging worms, scale-free networks 



16 Migrating to role-based access control 
Kami Brooks 

October 1999 Proceedings of the fourth ACM workshop on Role-based access control 
Publisher: ACM Press 

Full text available: ^ [pdf(1.22 MB) Additional Information: full citation , references , index terms 



Keywords: Tivoli Management Environment, enterprise systems management, migration, 
role-based access control, security management 
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Mark Resmer 
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18 Risks to the public in computers and related systems 
Peter G. Neumann 

July 1996 ACM SIGSOFT Software Engineering Notes, Volume 21 issue 4 
Publisher: ACM Press 
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19 Does licensing require new access control techniques? 

#Ralf C. Hauser 
November 1994 Communications of the ACM, volume 37 issue 11 
Publisher: ACM Press 
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^ review 
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20 An authentication and key distribution system for open network systems 
Shiuh-Pyng Shieh, Wen-Her Yang 
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